Synopsis
The remote device is missing a vendor-supplied security patch.
Description
According to its self-reported version, Cisco SD-WAN vManage is affected by a privilege escalation vulnerability due to improper validation of path input to the system file transfer functions. An authenticated, local attacker can exploit this to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.
Please see the included Cisco BIDs and Cisco Security Advisory for more information.
Solution
Upgrade to the relevant fixed version referenced in Cisco bug ID CSCvv21757